[thelist] ASP Question - Converting varchar to data type
Ken Schaefer
Ken at adOpenStatic.com
Thu Dec 6 17:30:50 CST 2007
Just be aware that your code, as it was posted, is vulnerable to SQL Injection attack...
Cheers
Ken
-----Original Message-----
From: thelist-bounces at lists.evolt.org [mailto:thelist-bounces at lists.evolt.org] On Behalf Of L L
Sent: Friday, 7 December 2007 6:06 AM
To: thelist at lists.evolt.org
Subject: Re: [thelist] ASP Question - Converting varchar to data type
Thanks - this (adding the single quotes) did the job! The column in the db table is a varchar type,
as it contains those dashes. The SQL statement wasn't using the single quotes
which was causing that error (converting a field from int to varchar during
query).
-Louis
Message: 6
Date: Thu, 6 Dec 2007 11:37:49 -0500
From: "Phillip Ciske" <pciske at gmail.com>
Subject: Re: [thelist] ASP Question - Converting varchar to data type int
To: "thelist at lists.evolt.org" <thelist at lists.evolt.org>
Message-ID: <e73019a80712060837w19633b0ctb537fcdc37b1dd9e at mail.gmail.com>
Content-Type: text/plain; charset=ISO-8859-1
> I'm working in ASP and have a data input page which has a 'unique id
> generator' that is in this format xxxx-xx-xxx-xxx, with the x's being
> all numeric. The database column is set up to be 'varchar' to allow for
> the dashes.
> for this code:
> <%strSQL = "SELECT * FROM AMS where MinutesID = " & Request ("id")%>
>
> Is there a way to convert the request string to varchar/non-numeric
> so that the two can be compared, etc?
If Request("id") is a string, you will need single quotes around the
value in your SQL. For the string xxxx-xx-xxx-xxx, the SQL will
become:
SELECT * FROM AMS WHERE MinutesID = 'xxxx-xx-xxx-xxx'
Your strSQL variable becomes:
<%strSQL = "SELECT * FROM AMS WHERE MinutesID = '" & Request("id") & "'" %>
Phillip
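
Added example, not part of the original thread and not code from any of the posters: one way to run the same lookup without concatenating Request("id") into the SQL text, using an allow-list check on the xxxx-xx-xxx-xxx format and an ADO parameterized command. Application("ConnStr") as the location of the connection string is an assumption; the table and column names are the ones from the thread.

```asp
<%
' ADO constants written out so no adovbs.inc include is needed.
Const adCmdText = 1
Const adVarChar = 200
Const adParamInput = 1

Dim strID, re, conn, cmd, rs
strID = Trim(Request("id"))

' Allow-list check: exactly the xxxx-xx-xxx-xxx shape, digits and dashes only.
Set re = New RegExp
re.Pattern = "^\d{4}-\d{2}-\d{3}-\d{3}$"
If Not re.Test(strID) Then
    Response.Status = "400 Bad Request"
    Response.Write "Invalid id"
    Response.End
End If

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("ConnStr")   ' assumption: connection string is stored here

Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
' The ? placeholder is bound as data, so the value is never parsed as SQL
' and no hand-written single quotes are needed around it.
cmd.CommandText = "SELECT * FROM AMS WHERE MinutesID = ?"
cmd.Parameters.Append cmd.CreateParameter("id", adVarChar, adParamInput, 15, strID)

Set rs = cmd.Execute
If rs.EOF Then
    Response.Write "No matching record"
Else
    ' Encode on output in case stored data contains markup.
    Response.Write Server.HTMLEncode(rs("MinutesID").Value)
End If

rs.Close
conn.Close
Set rs = Nothing
Set cmd = Nothing
Set conn = Nothing
%>
```

The parameter is declared as adVarChar with length 15 to match the 15-character id format, which also resolves the varchar/int conversion error from the original question.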